Internet2's Advanced Layer 2 Service delivers a strategic advantage for leaders in research and education (R&E) by providing effective and efficient wide area 100 gigabit Ethernet technology. CIOs and IT staff can now provide a turnkey solution for balancing long-term or short-term global big data science collaborations and production services.

Enabling scalable and flexible global access to an open exchange network, members can build Layer 2 circuits (VLANs) between endpoints on the Internet2 Network and beyond. The service meets the wide-ranging needs of the research and education community—both now and into the future.

AL2S allows users to create their own VLANs on the Internet2 AL2S backbone. Static or Dynamic, point-to-point or multipoint, intra-domain or inter-domain, AL2S puts control of the backbone VLANs into the users' hands for the creation of purpose-built private circuits using infrastructure already in place.

AL2S

STATIC VLANs: point-to-point or multipoint, configured on demand by the user through a portal. Please see here for more details.

DYNAMIC VLANs: point-to-point or multipoint. The option to configure VLANs dynamically on demand by the user through a portal. Please see here for more details.

INTERDOMAIN CONNECTIVITY: global R&E and Global Optical Lightpath Exchange fabrics enable Ethernet VLANs throughout the U.S. on Internet2 and around the world through partner networks to intercommunicate.

Links to an Advanced Layer 2 Network map and Infosheet can be found in the box to the right.

A link to documentation, presentations, and copies of slides and recordings of webinars can be found here.

A list of organizations connected to AL2S at both 100GE and 10GE is available here.

General

Do I need to be running OpenFlow to use AL2S?

No, OpenFlow isn't needed to connect to AL2S. Please see this link for more information.

Can I create my own logical Layer 3 network on top of several AL2S connections?

Yes, by creating a set of VLANs you can interconnect your routers over the AL2S infrastructure.

Are there any AL2S reports available.

Yes, Internet2 produces reports detailing the availability and bandwidth of the AL2S network. These reports along with spreadsheets listing the values for metrics related to Change Management and Incident Management can be found here.

Can you provide pointers to documentation?

Yes, you can find links to documentation, videos, presentations, and webinars (slides and audio recordings) here.

Is there an AL2S cap on my port(s)?

No, both 100 GE and 10 GE ports have access to the full bandwidth.

Where is AL2S available?

City

City

City

Albany, NY

El Paso, TX

New York, NY

Ashburn, VA

Hartford, CT

Philadelphia, PA

Atlanta, GA

Houston, TX

Phoenix, AZ

Baton Rouge, LA

Indianapolis, IN

Pittsburgh, PA

Boston, MA

Jackson, MS

Portland, OR

Charlotte, NC

Jacksonville, FL

Raleigh, NC

Chicago, IL-Equinix

Kansas City, MO

Reno, NV

Chicago, IL-Starlight

Las Vegas, NV

Salt Lake City, UT

Chicago, IL

Los Angeles, CA

Seattle, WA

Cincinnati, OH

Louisville, KY

Sunnyvale, CA

Cleveland, OH

McLean, VA

Tucson, AZ

Dallas, TX

Minneapolis, MN

Tulsa, OK

Denver, CO

Missoula, MT

How can my organization connect to AL2S?

Connections are available at 100 GE and 10 GE bandwidths.

What is the physical infrastructure of AL2S?

AL2S consists of a set of switches interconnected by at least two 100 GE links to other switches. The current vendors used are Brocade and Juniper. The map on the right shows the locations of the switches.

If my organization is behind a regional connector, who has rights to assign VLANs?

The organization with Administrator rights to the Workgroup has the ability to designate VLANs to other Workgroups created by the Administrator.

What is the advantage of AL2S?

In a word, VLANs. AL2S allows an organization to create either long-term static or ad hoc on demand VLANs between interfaces owned by that Workgroup or interfaces that other organizations make available. This allows layer 2 links to be created as needed between interfaces on the AL2S network.

Static VLANs

What is OESS?

OESS is a set of software used to configure and control dynamic (user-controlled) layer 2 virtual circuit (VLAN) networks on OpenFlow enabled switches. OESS provides sub-second circuit provisioning, automatic circuit failover, per-interface permissions, and automatic per-VLAN statistics. It includes simple and user friendly web-based user interface as well as a web services API.

A demo of the OESS user interface is available here. Use GRNOC as the suggested selection then sign in using Login: os3e with Password: os3edemo.

Can I connect to all other AL2S ports?

Conceptually this is possible but to do this you must get the permission of the owners of destination ports and have them give your workgroup allow access to those ports.

How do I get permission to build a circuit to another port that I do not own?

At this time, you can request that the Internet2 NOC contact the owner of the other port for permission to add that port to your workgroup.

Are multipoint vlans available?

Yes, they are available but at this time MAC learning isn't available. Multipoint-multipoint VLANs with up to a few dozen endpoints are supported. Users can provision these through the normal OESS web interface. Please see this link for more details.

Dynamic VLANs

What is SDN?

"Software-Defined Networking (SDN) is an emerging architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today's applications. This architecture decouples the network control and forwarding functions enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services."

I have a different controller I want to try, can I do that?

Is the use of OESS software required?

No, it's not required. To create circuits you would need to either manually create them or use software supporting OSCARS to create circuits using the built-in api. You are, of course, free to use OESS software on your local infrastructure to control your OpenFlow enabled switches. Then you can again use OSCARS to create a circuit through the AL2S infrastructure.

How does GENI fit in?

AL2S is being integrated into the GENI mesoscale backbone, to become a GENI backbone. GENI tries to provide Layer2 paths between resources, and the Advanced Layer 2 Service can be used to access GENI resources. Currently this is allocating VLANs that terminate on GENI equipment. In the near future, GENI Credentials will be able to be used with GENI standard interfaces to create VLANs over AL2S to connect resources. Longer term, GENI researchers will also be able to use software defined networking to control the backbone paths, and install their own controllers for backbone paths over AL2S, as they can with the original GENI mesoscale backbone.

GENI resources on campuses and in regionals can be accessed directly using AL2S, thus it can tie together multiple resources (e.g., compute instances on GENI Racks). AL2S also has four 10G connections into the GENI mesoscale backbone being operated by Internet2, to access existing resources.

Interdomain Connectivity

I have a GENI researcher; can he or she use AL2S to get access to GENI resources?

Yes. Today this involves creating a VLAN either to the existing GENI mesoscale backbone, and using GENI interfaces to allocate the rest of the resources or alternatively VLANs can be set up directly to GENI resources at campus and regional sites. The researcher would need to work with those sites, perhaps with the GENI Project Office (help@geni.net) to ensure connectivity to the sites. For further information about GENI and GENI resources please see this link.

What is the FlowSpace Firewall?

FlowSpace Firewall provides the ability to run multiple OpenFlow applications/controllers on the same switches providing a form of network multi-tennancy. It operates as a proxying OpenFlow firewall, restricting which part of the flow space a controller can manipulate. It provides the ability to enforce VLAN Tag based flow space restrictions and provides controll channel rate limiting.